Archive for September, 2009
From Dr. Steven Brown | September 30th, 2009
Jerry Dixon, a former executive with Homeland Security, US-CERT and the National Cyber Security Division (NCSD), discusses the state of cybercrime and some of the new threats being faced. Botnets, denial of service, fraud, etc., are just a few of the threats that continue to cause problems, and it goes to show that these problems are not ceasing, they are evolving, and it also shows how
You may need to subscribe to view the videopod.
What are your thoughts?
Tags: botnets, cybercrime, denial of service, fraud, Homeland Security, National Cyber Security Division
From Mary Brown | September 25th, 2009
Toby Wolpe, of ZDNet UK writes about the commercial use of open source software and its impact on security. He discusses a solution that he argues is more secure.
Do you believe that the security profile of Nominum’s proprietary DNS solution is sufficiently superior to warrant the cost of moving away from freeware such as BIND?
How does this apply to the concept of the commercial use of open source software in general?
Tags: open source software, security, software
From Mary Brown | September 22nd, 2009
There has long been speculation as to the number of computers on the Internet and whether they have been compromised in such a way as to make them available to a hacker. The compromised computers, known as bots or zombies, can be consolidated and ‘pointed’ at a target to create distributed denial of service attacks (DDOS).
Raul Siles reports on efforts by both the IETF and the IIA to develop guidance for ISPs to locate and eliminate these compromised systems from their networks.
How important do you think it is to mitigate the problem with bots and how can we as information security professionals support that effort? Share your thoughts.
Tags: bots, DDOS, distributed denial of service attack, mitigating bots, service attacks, zombies
From Mary Brown | September 17th, 2009
Riva Richmond reports on the latest SANS research, which indicates that organizations are still focused on mitigating risks related to operating system threats, while hackers are focused on application vulnerabilities in commonly used applications like Adobe and Office and are, in particular, focused on leveraging web development vulnerabilities.
How would you recommend that organizations do a better job of prioritizing their risk mitigation efforts, assuming you agree with SANS and their partners who participated in this research?
Share your ideas.
Tags: applications, hackers, mitigating risks, Research, Web development
From Rodney Visser | September 15th, 2009
Recently, another Windows OS vulnerability has surfaced, aimed at ports 139 and 445. It was initially released as a denial of service attack, but could also allow system-level remote code execution. The strange thing about this particular exploit for me is that this issue was fixed on Windows 7 build 7130, but as of today there is still no fix for Vista or Server 2008.
In the time it is taking them to address this issue, there is already working exploit code in the ever-popular Metasploit framework, and as an added bonus it has the ability to do reverse HTTP tunneling on port 80. This means that you could hit an exploited system and the firewall will literally mean nothing.
Tags: information security, network
From Mary Brown | September 15th, 2009
Kelly Jackson Higgins of DarkReading.com reports on a successful hack of an RBS WorldPay Systems database. The database is reported as being a test database that does not include any live data. This has created speculation as to the proper security standards for such systems.
Should organizations use test applications that are susceptible to things like SQL injection and that are accessible via the Internet? Given the specialized nature of application security, does your organization have a great program in place to prevent bad code from exposing the rest of the information assets?
Share your experience and insights.
Tags: data, database, hack, security standards
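The post above asks whether test applications susceptible to SQL injection should ever be reachable from the Internet. The following is an added example, not code from the post or from RBS WorldPay, showing the defect side by side with its fix: a login query built by string concatenation next to the same query with bound parameters. The table, rows and payloads are constructed for the example; it uses Python's built-in sqlite3 module so it runs offline.

```python
import sqlite3

# Constructed sample data standing in for an Internet-reachable "test" database
# (the rows are made up; nothing here is taken from the incident described above).
SAMPLE_ROWS = [
    ("alice", "s3cret", "1234"),
    ("bob", "hunter2", "9876"),
]


def build_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (username TEXT, password TEXT, card_last4 TEXT)"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, so attacker input is parsed as SQL."""
    sql = (
        "SELECT username FROM accounts WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return sorted(row[0] for row in conn.execute(sql))


def login_hardened(conn, username, password):
    """Same query with bound parameters: quotes and comment markers stay plain data."""
    sql = "SELECT username FROM accounts WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


# Two classic payloads: a tautology that makes the WHERE clause true for every
# row, and a '--' line comment that truncates the password check for one account.
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "alice'--"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable, tautology :", login_vulnerable(db, "x", TAUTOLOGY))
    print("vulnerable, comment   :", login_vulnerable(db, COMMENT_OUT, "wrong"))
    print("hardened, tautology   :", login_hardened(db, "x", TAUTOLOGY))
    print("hardened, comment     :", login_hardened(db, COMMENT_OUT, "wrong"))
    print("hardened, real creds  :", login_hardened(db, "alice", "s3cret"))
```

With the concatenated query, the tautology payload returns every account and the comment payload logs in as alice without a password; the parameterised version returns nothing for either payload and still accepts the genuine credentials. Parameter binding is the fix; the test database being reachable from the Internet is what turns the defect into a breach.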
From Jimmy Arendt | September 14th, 2009
What am I talking about? I am talking about Bill S.773 that is before the 111th Congress, 1st Session, AKA the Cybersecurity Act of 2009. This bill was introduced to the Senate by Senator Rockefeller et al., dated March 31, 2009. According to the “Cybersecurity Act of 2009” as found on OpenCongress.org’s Web site, this is “A bill to ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective Cybersecurity defenses against disruption, and for other purposes.” (OpenCongress.org, 2009).
Tags: Bill S.773, cybersecurity, CyberSecurity Act of 2009
From Mary Brown | September 8th, 2009
Ohigashi & Morii (2009) have published a research paper that increases concern about the use of WPA encryption to protect data transmitted over wireless networks. Wireless security is becoming a more pressing topic as mobile computing becomes the norm.
How important do you think it really is to worry about using very robust security for wireless as opposed to just the run of the mill WEP or WPA? Do you think most organizations are creating architectures for their wireless solutions that are highly secure?
Why or why not? Tell us what you think.
Tags: mobile computing, security, wireless security
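The Ohigashi-Morii attack, like the Beck-Tews attack it builds on, targets TKIP, the cipher used by WPA (version 1); WEP was already broken, and WPA2 with CCMP (AES) is not affected. As an added example, not from the post or the paper, the block below puts a weak access-point configuration beside the corrected one and runs a small audit over both. The configurations are constructed, and the key names (wpa, wpa_pairwise, rsn_pairwise, wep_key0) follow hostapd.conf, which is assumed here as the access-point software.

```python
# Constructed hostapd-style configurations (made up for this example; key names
# follow hostapd.conf, which is assumed as the access-point software).
WEAK_CONF = """\
interface=wlan0
ssid=corp-wifi
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_passphrase=example-passphrase
wpa_pairwise=TKIP
"""

HARDENED_CONF = """\
interface=wlan0
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=example-passphrase
rsn_pairwise=CCMP
"""

WEP_CONF = """\
interface=wlan0
ssid=legacy
wep_default_key=0
wep_key0=0123456789
"""

DESCRIPTIONS = {
    "WEP": "static WEP keys configured; WEP is broken and must be replaced",
    "OPEN": "no WEP, WPA or WPA2 configured; traffic is sent in the clear",
    "WPA1": "WPA (version 1) enabled; WPA1 clients negotiate TKIP",
    "TKIP": "TKIP allowed as a pairwise cipher; the cipher the Ohigashi-Morii work attacks",
    "NO_CCMP": "CCMP (AES) not explicitly offered; clients cannot pick the stronger cipher",
}


def parse_hostapd(text):
    """Parse key=value lines, ignoring blanks and '#' comments, into a dict."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def audit(cfg):
    """Return finding codes (keys of DESCRIPTIONS) for weak settings in cfg."""
    findings = []
    uses_wep = any(k.startswith("wep_key") for k in cfg)
    wpa_mode = cfg.get("wpa", "0")  # hostapd: 0 = none, 1 = WPA, 2 = WPA2 (RSN), 3 = both
    if uses_wep:
        findings.append("WEP")
    if wpa_mode == "0":
        if not uses_wep:
            findings.append("OPEN")
        return findings
    if wpa_mode in ("1", "3"):
        findings.append("WPA1")
    ciphers = set()
    for key in ("wpa_pairwise", "rsn_pairwise"):
        ciphers.update(cfg.get(key, "").split())
    if "TKIP" in ciphers:
        findings.append("TKIP")
    # Conservative assumption of this checker: CCMP must be listed explicitly
    # rather than relying on hostapd's defaults for an unset pairwise option.
    if "CCMP" not in ciphers:
        findings.append("NO_CCMP")
    return findings


def report(name, text):
    """Print the audit for one configuration and return its finding codes."""
    codes = audit(parse_hostapd(text))
    print(f"{name}: {'OK' if not codes else ''}")
    for code in codes:
        print(f"  [{code}] {DESCRIPTIONS[code]}")
    return codes


if __name__ == "__main__":
    report("weak (WPA/TKIP)", WEAK_CONF)
    report("hardened (WPA2/CCMP)", HARDENED_CONF)
    report("legacy (WEP)", WEP_CONF)
```

The weak configuration is flagged three times (WPA1, TKIP, no CCMP), the WEP one once, and the hardened one not at all. A mixed-mode setting such as wpa=3 with wpa_pairwise=TKIP CCMP still gets flagged, because an attacker can target the TKIP clients even when CCMP is on offer.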
From Jimmy Arendt | September 1st, 2009
On July 17, 2009, a lawsuit was filed on behalf of Andrea McNulty against Ben Roethlisberger, a football quarterback; John Koster, the Harrah’s Casino Northern Nevada President; Guy Hyder, the Security Chief at Harrah’s Lake Tahoe; et al. (RGJ.com, 2009). This post will not address the main issues or complaints of the lawsuit. It will discuss the complaints of Invasion of Privacy, Trespass and Civil Conspiracy.
Tags: Conspiracy, evidence, Football star, Forensic, Harrah's, privacy, Trespass